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DETAILED ACTION 

1 . This action is in response to the amendment filed on 04/24/2009. 

2. Claims 1, 5, 10, 14 and, 18-20 have amended. 

3. Claims 4 and 13 have canceled. 

4. Claims 1-3, 5-12 and, 14-20 are pending for consideration. 



Response to Arguments 

5. Applicant's argument with respect to the 35 U.S.C. 101 rejection has been 
fully considered in view of the amendment filed on 04/24/2009, which has been 
made in record, and the 35 U.S.C. 101 rejection has been withdrawn. 

6. Applicant's arguments filed on 04/24/2009 have been fully considered but 
they are not persuasive. 

7. Applicant argues that Asokan fails to provide a teaching of a first institution 
and a second institution. Examiner respectfully disagrees. Asokan does 
disclose the first institution and the second institution (Asokan: see page 3 and 
figure 1). Examiner interprets the user, his trusted personal device and the 
terminal is the first institution. The central server recited in Asokan reference is 
the second institution. Therefore Asokan does disclose the first and second 
institution. 

8. Applicant further argues that Asokan fails to disclose using an access 
legitimization legitimizing access to a first institution for granting access to a 
second institution via a second device. Examiner respectfully disagrees. Asokan 
does discloses using an access legitimization legitimizing access to a first 
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institution for granting access to a second institution via a second device 
(Asokan: page 9 column 2, last paragraph and page 10 column 1, 1 st and 2 nd 
paragraph). 



Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

10. Claims 1-3, 5-12 and, 14-20 are rejected under 35 U.S.C. 102(b) as being 
anticipated by N. Asokan et al. (Reference U: "Authenticating public terminals") 
(hereinafter Asokan). 

1 1 . Regarding claim 1 , Asokan discloses receiving at the server a request for 
triggering the following steps (Asokan: page 863, section 3.1 : when a user U 
walks up to an untrusted terminal, he attaches his device D to the terminal T by 
some means (e.g., infrared link, physical connection); and page 865-866, section 
3.3); selecting a first linking information and a second linking information, the first 
linking information matching to the second linking information, sending from the 
server the first linking information to the first device and the second linking 
information to the second device, presenting by the first device the first linking 
information and by the second device the second linking information, the step of 
presenting being performed after the step of sending such that the first linking 
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information is out put on the first device in parallel to output of the second 
information on the second device, entering into the first device an indication of 
the matching of the first linking information and the second linking information, 
based on the entered indication of the matching, sending to the server a 
matching confirmation for confirming the matching to the server, associating the 
first characteristic and the second characteristic based on the received matching 
confirmation (Asokan: page 865-866, section 3.3), for executing the linking, the 
server further verifying the access legitimization of the first device, based on the 
linking, sending a message from the server for granting access to the second 
institution (Asokan: see page 3 and figure 1). 

12. Regarding claim 2, Asokan discloses wherein the request for linking is a 
request for authentication and the first device is a trusted device within said 
communication network, further comprising the step of stating the association by 
an authentication assertion (Asokan: pages 861-866: S sends a number of 
challenge/response pairs to the user via a confidential, authenticated channel to 
his home base and the user selects a different authentication vector for each 
challenge and sends them back to S). 

13. Regarding claims 3 and 12, Asokan discloses wherein the authentication 
assertion is sent for granting access (Asokan: page 866). 

14. Regarding claim 5, Asokan discloses wherein the second characteristic 
comprises an identifier identifying the second device and access to a second 
institution is granted to or via the second device based on the associating of the 
first characteristic relating to the access legitimization and the second 
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characteristic comprising the identifier, the second institution being identical to or 
different from the first institution (Asokan: pages 865-866). 

15. Regarding claims 6 and 15, Asokan discloses wherein the first linking 
information and the second linking information comprise one or more randomly 
generated symbols (Asokan: pages 865-869). 

16. Regarding claims 7 and 16, Asokan discloses wherein the first linking 
information is identical to the second linking information (Asokan: pages 861- 
869). 

17. Regarding claims 8 and 17, Asokan discloses wherein the associating is 
based on a verification for correctness of confirmation data entered into the first 
device (Asokan: pages 865-866). 

18. Regarding claim 9, Asokan discloses wherein the entered confirmation 
data comprises at least one of (a) a Personal Identification Number, (b) a 
password, (c) an indication for additional information being presented in parallel 
to the first linking information or second linking information, the additional 
information being distinguishable from the first linking information and the second 
linking information, and (d) data being computed on the base of the first linking 
information and/or the second linking information (Asokan: pages 861-869). 

1 9. Regarding claim 1 0, Asokan discloses a server usable for linking of a first 
characteristic of a first device and a second characteristic of a second device, the 
server comprising: a receiving unit for receiving messages, a transmitting unit for 
sending messages, and a processing unit for processing messages and 
information, wherein the receiving unit is adapted to receive a request for linking, 
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the processing unit is adapted to be triggered by the received request for linking 
and to select a first linking information and a second linking information, the first 
linking information matching to the second linking information, the transmission 
unit is adapted to send the first linking information to the first device and the 
second linking information to the second device such that the first linking 
information is output on the first device in parallel to output of the second linking 
information on the second device, the receiving unit is adapted to receive a 
matching confirmation from the first device, the matching confirmation confirming 
to the processing unit the matching of the first linking information presented by 
the first device and the second linking information presented by the second 
device, and the processing unit is adapted to execute an associating of the first 
characteristic and the second characteristic based on the received matching 
confirmation, and for executing the linking, to further verify the access 
legitimization of the fist device, and, based on the linking, to send via the 
transmission unit a message for granting access to the second institution 
(Asokan: pages 861-869: S sends a number of challenge/response pairs to the 
user via a confidential, authenticated channel to his home base and the user 
selects a different authentication vector for each challenge and sends them back 
to S). 

20. Regarding claim 1 1 , Asokan discloses wherein the server is used for 
authentication, the request for linking is a request for authentication and the first 
device is a trusted device, the processing unit being further adapted to state the 
association by an authentication assertion (Asokan: pages 865-869: section 3.3). 
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21 . Regarding claim 14, Asokan discloses wherein the second characteristic 
comprises an identifier identifying the second device and, based on the 
associating of the first characteristic relating to the access legitimization and the 
second characteristic comprising the identifier, the processing unit is adapted to 
generate an access assertion for granting to or via the second device access to a 
second institution being identical or different from the first institution, and the 
transmission unit is adapted to send the access assertion to the second device or 
the second institution or to an entity supporting the second device or the second 
institution for granting access (Asokan: pages 865-866: S sends a number of 
challenge/response pairs to the user via a confidential, authenticated channel to 
his home base and the user selects a different authentication vector for each 
challenge and sends them back to S). 

22. Regarding claim 18, Asokan discloses responsive to a request received at 
the server, triggering the following steps: selecting a first linking information and 
a second linking information, the first linking information matching to the second 
linking information, initializing a sending of the first linking information to the first 
device and a sending of the second linking information to the second device such 
that the first linking information is output on the first device in parallel to output of 
the second linking information on the second device, and executing an 
associating of the first characteristic and the second characteristic based on a 
matching confirmation received from the first device, the matching confirmation 
confirming to the computer program the matching of the first linking information 
presented by the first device and the second linking information presented by the 
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second device, and for executing the linking, further verifying the access 
legitimization of the first device, and, based on the linking, initializing a sending of 
a message for granting access to the second institution (Asokan: pages 865-869, 
section 3.3: S sends a number of challenge/response pairs to the user via a 
confidential, authenticated channel to his home base and the user selects a 
different authentication vector for each challenge and sends them back to S). 

23. Regarding claim 19, Asokan discloses wherein the association is further 
based on a verification for correctness of confirmation data entered into the first 
device (Asokan: pages 865-866). 

24. Regarding claim 20, Asokan discloses wherein said entered confirmation 
data includes a password (Asokan: pages 865-866). 



Conclusion 

25. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
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the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to TRANG DOAN whose telephone number is 
(571)272-0740. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William R. Korzuch can be reached on (571) 272-7589. 
The fax phone number for the organization where this application or proceeding 
is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 

/Trang Doan/ 
Examiner, Art Unit 2431 
/Syed Zia/ 

Primary Examiner, Art Unit 2431 
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